nanog mailing list archives

Re: ICMP Attacks???????


From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Fri, 22 Aug 1997 18:09:21 -0400

On Fri, Aug 22, 1997 at 02:42:42PM -0700, Joe Rhett wrote:
I don't think that's a good idea.  The vast majority of routers that
I sell to customers are not used in Internet applications, and to add
another configuration step to enable the router to do what routers
traditionally do by default would be very confusing to the end user.
 
You're saying that Corporate America *relies* on being able to do
IP source address spoofing through the routers it builds its commercial
private networks with?
 
<sigh> No, I believe he's saying that corporate america comes in two
flavors.

1) that isn't terribly clueful, and don't know how their packets route
(scary how often you see this .. RIP-based networks that "just work")

2) Multi-path, decentralized network administration. So any given router
will not be aware of all paths in the topology, and may route packets
that it doesn't know how to return. Deliberately.

Trust me, you don't know how your peer routes their traffic. Neither does
sales know how the engineering department does in some cases. Or the
backbone group knows all, and the department routers know nothing.

So far, so good.

In any case, this logic used for this would have to be very complex.
..which would cause complex problems. I prefer simple manual editing.

No, not really.

Actually, on the End-Of-Branch routers you could implement functions which
say not to route anything coming through a given interface unless it is
from that network. But this won't work on most branch router
configurations. 

This was what I originally proposed, in the posting from which this
thread descended.  Did everyone miss it?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra () baylink com
Member of the Technical Staff             Unsolicited Commercial Emailers Sued
The Suncoast Freenet      "People propose, science studies, technology
Tampa Bay, Florida          conforms."  -- Dr. Don Norman      +1 813 790 7592
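
The per-interface source check discussed in this message, as an added example that is not part of the original post: it models "don't route anything arriving on an interface unless its source is from that network" and shows both outcomes raised in the thread, a spoofed packet dropped at an end-of-branch router and a legitimate packet dropped at a branch router that does not know every path. The router tables, interface names and addresses are constructed (documentation prefixes), and the function names are hypothetical.

```python
import ipaddress

# Constructed topology: each interface maps to the prefixes this router
# knows to live behind it. Not taken from the thread.
EDGE_ROUTER = {"eth0": ["192.0.2.0/24"]}            # stub LAN, one attached network
BRANCH_ROUTER = {"serial0": ["198.51.100.0/24"]}    # only the locally known prefix
# Assumption for the demo: 203.0.113.0/24 also sends traffic in via serial0,
# but it is run by another group and BRANCH_ROUTER has no entry for it.

def source_allowed(iface_prefixes, iface, src):
    """True if src lies in a prefix configured behind the ingress interface."""
    addr = ipaddress.ip_address(src)
    nets = (ipaddress.ip_network(p) for p in iface_prefixes.get(iface, []))
    return any(addr in net for net in nets)

def filter_packets(iface_prefixes, packets):
    """Split (iface, src, dst) tuples into (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        iface, src, _dst = pkt
        bucket = forwarded if source_allowed(iface_prefixes, iface, src) else dropped
        bucket.append(pkt)
    return forwarded, dropped

# Constructed sample traffic.
EDGE_PACKETS = [
    ("eth0", "192.0.2.10", "203.0.113.5"),   # genuine host on the stub LAN
    ("eth0", "10.9.9.9", "203.0.113.5"),     # source not on the LAN: spoofed
]
BRANCH_PACKETS = [
    ("serial0", "198.51.100.7", "192.0.2.1"),  # known downstream prefix
    ("serial0", "203.0.113.20", "192.0.2.1"),  # legitimate, but unknown here
]

if __name__ == "__main__":
    for name, table, pkts in (("edge", EDGE_ROUTER, EDGE_PACKETS),
                              ("branch", BRANCH_ROUTER, BRANCH_PACKETS)):
        fwd, drop = filter_packets(table, pkts)
        print(name, "forwarded:", fwd)
        print(name, "dropped:  ", drop)
```

On the edge router the only drop is the spoofed source; on the branch router the same rule also drops the legitimate 203.0.113.20 packet, which is the false positive the multi-path objection describes.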

